Hi,
Has anyone seen an issue with Cisco ISE 1.4 failing compliance checks with Citrix XenMobile 9.0 (patch 9996 & 9989 installed). From decrypting the HTTPS sessions ISE 1.3 looks to have sent the request in the following format -
http://xenmobile.domain/zdm/ciscoise/devices/0/macaddress/<MAC>/all - this would return
- <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
- <ise_api>
- <name>attributes</name>
- <api_version>1</api_version>
- <paging_info>0</paging_info>
- <deviceList>
- <device>
- <macaddress><MAC></macaddress>
- <attributes>
- <register_status>true</register_status>
- <compliance>
- <status>false</status>
- <failure_reason>Device out of compliance</failure_reason>
- <remediation>Device out of compliance to policy... Please contact your Administrator</remediation>
- </compliance>
- <disk_encryption_on>true</disk_encryption_on>
- <pin_lock_on>false</pin_lock_on>
- <jail_broken>false</jail_broken>
- <manufacturer>Apple</manufacturer>
- <serial_number><SERIAL></serial_number>
- <os_version>iOS</os_version>
- <model>iPad</model>
- <phone_number />
- </attributes>
- </device>
- </deviceList>
- </ise_api>
However in Cisco ISE 1.4 it seems to send the format - http://xenmobile.domain/zdm/ciscoise/devices/0/compliance/false/all which returns the following (if a device is compliant or not)
- <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
- <ise_api>
- <name>attributes</name>
- <api_version>1</api_version>
- <paging_info>0</paging_info>
- <deviceList>
- <device>
- <attributes> <compliance />
- </attributes>
- </device>
- </deviceList>
- </ise_api>
Has anyone seen this or got a fix for it?
Thanks,
Peter
